Description
A vulnerability was determined in hemant6488 CodeIgniter-StudentManagementSystem. The affected element is an unknown function of the file /index.php/students/addStudentView of the component Student Management Handler. Executing a manipulation can lead to improper access controls. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-05-26
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability arises from an improper access control in the addStudentView endpoint of the CodeIgniter Student Management System. An attacker can manipulate the request to bypass authentication and authorization checks, gaining unauthorized viewing or modification of student records. The flaw corresponds to CWE-266 and CWE-284, indicating improper privilege management and access control weaknesses. The impact is the potential exposure or tampering of sensitive student data, affecting confidentiality and integrity.

Affected Systems

The affected product is hemant6488:CodeIgniter-StudentManagementSystem. All releases are rolling and version information is not specified, meaning the flaw could exist in any current or future iteration of the software.

Risk and Exploitability

The CVSS score of 6.9 classifies the vulnerability as a medium severity flaw. EPSS information is not available, and the vulnerability is not listed in the CISA KEV catalog. The attack can be executed remotely and the exploit has been publicly disclosed; however, no official patch has been released, so the risk persists until a remediation is applied.

Generated by OpenCVE AI on May 26, 2026 at 01:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Review the /index.php/students/addStudentView code and ensure that it performs proper authentication and role checks before rendering the view; if missing, add explicit privilege verification.
  • If you cannot modify the code, restrict external access to the endpoint by implementing firewall or reverse‑proxy rules that allow only trusted IP ranges.
  • As a temporary measure, disable public access to the route via web‑server configuration and monitor server logs for suspicious requests until a definitive fix is deployed.

Generated by OpenCVE AI on May 26, 2026 at 01:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 26 May 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 26 May 2026 00:15:00 +0000

Type Values Removed Values Added
Description A vulnerability was determined in hemant6488 CodeIgniter-StudentManagementSystem. The affected element is an unknown function of the file /index.php/students/addStudentView of the component Student Management Handler. Executing a manipulation can lead to improper access controls. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet.
Title hemant6488 CodeIgniter-StudentManagementSystem Student Management addStudentView access control
First Time appeared Hemant6488
Hemant6488 codeigniter-studentmanagementsystem
Weaknesses CWE-266
CWE-284
CPEs cpe:2.3:a:hemant6488:codeigniter-studentmanagementsystem:*:*:*:*:*:*:*:*
Vendors & Products Hemant6488
Hemant6488 codeigniter-studentmanagementsystem
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Hemant6488 Codeigniter-studentmanagementsystem
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-26T15:13:11.629Z

Reserved: 2026-05-25T19:08:06.034Z

Link: CVE-2026-9517

cve-icon Vulnrichment

Updated: 2026-05-26T15:13:07.502Z

cve-icon NVD

Status : Received

Published: 2026-05-26T00:16:57.470

Modified: 2026-05-26T00:16:57.470

Link: CVE-2026-9517

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-26T12:59:49Z

Weaknesses